CVE-2023-4518
Severity:
HIGH
Type:
Unavailable / Other
Publication date:
01/12/2023
Last modified:
06/12/2023
Description
A vulnerability exists in the input validation of the GOOSE <br />
messages where out of range values received and processed <br />
by the IED caused a reboot of the device. In order for an <br />
attacker to exploit the vulnerability, goose receiving blocks need <br />
to be configured.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:* | 2.2.0 (including) | 2.2.2.6 (excluding) |
| cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:* | 2.2.3 (including) | 2.2.3.7 (excluding) |
| cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:* | 2.2.4 (including) | 2.2.4.4 (excluding) |
| cpe:2.3:o:hitachienergy:relion_670_firmware:*:*:*:*:*:*:*:* | 2.2.5 (including) | 2.2.5.6 (excluding) |
| cpe:2.3:h:hitachienergy:relion_670:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:* | 2.2.4 (including) | 2.2.4.4 (excluding) |
| cpe:2.3:o:hitachienergy:relion_650_firmware:*:*:*:*:*:*:*:* | 2.2.5 (including) | 2.2.5.6 (excluding) |
| cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hitachienergy:relion_650_firmware:2.2.1.6:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hitachienergy:relion_650:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:*:*:*:*:*:*:*:* | 2.2.5 (including) | 2.2.5.6 (excluding) |
| cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:hitachienergy:relion_sam600-io_firmware:2.2.1.6:*:*:*:*:*:*:* | ||
| cpe:2.3:h:hitachienergy:relion_sam600-io:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page